Single algorithm cipher suite for messaging

ABSTRACT

A method for authenticating a message recipient and for secure communication of messages from a sender to the message recipient through a server, the method being carried out by one or more data processing systems in accordance with instructions carried on one or more computer readable media. The message is communicated by sending message data encrypted with a symmetric key algorithm, a private key for the encryption algorithm being generated by hashing first data, to the message recipient through a server. The message recipient is authenticated by the exchange of second data encrypted with the encryption algorithm, an authentication key for said encryption algorithm being generated by hashing third data. The first and second data include a password, which has previously been provided to the message recipient over a separate secure channel. The first and third data are hashed with an encryption algorithm defined hash algorithm using said encryption algorithm and based on Merkle&#39;s meta-method for hashing.

BACKGROUND OF THE INVENTION

[0001] The present invention relates to methods and systems forencryption and decryption and authentication of message recipients. Moreparticularly, it relates to methods and systems incorporating smallapplication programs using a single, symmetric key algorithm, and whichare suitable for rapid downloading.

[0002] With the rapid growth of computer to computer communicationsthere is a growing need for security systems to protect sensitiveinformation such as business information, credit card numbers, and thelike. This is particularly true since most such communications arerouted through third party systems known as servers. Existing systemstypically provide server based security and require client trust in theserver to protect the privacy and data integrity of messages during thedelivery process. Other systems provide end-to-end privacy and dataintegrity but require an underlying public key infrastructure or largeapplications running in either the client's computer or the server.

[0003] Thus, it is an object of the present invention to provide methodsand systems for providing end-to-end security for clients, where themethods and systems incorporate simple, small algorithms suitable forrapid downloading to clients.

BRIEF SUMMARY OF THE INVENTION

[0004] The following conventions apply to the description of the presentinvention set forth below:

[0005] E (“data”, “key”) represents a symmetric key encryption of the“data” with the “key”.

[0006] D (“data”, “key”) represents the corresponding decryption of the“data” with the “key”.

[0007] (“Data 1”|data “2”) represents concatenation of “data 1” with“data 2”. As used herein (“data 1”|“data 2”) also includes predeterminedpermutations of the data string formed by the concatenation of “data 1”and “data 2”.

[0008] H (“data”) represents hashing of the “data” with a hashingalgorithm H.

[0009] All initialization vectors, “IVn's,” are 32 bit integers.

[0010] All “keys” are formed from hashes, the digest of which may belarger or smaller than the desired key size of the underlying encryptionalgorithm or export restriction, in which case the digest may betruncated or padded to the desired length.

[0011] The above object is achieved and the disadvantages of the priorart are overcome in accordance with the present invention by means of amethod for authenticating a message recipient, the method being carriedout by one or more data processing systems in accordance withinstructions carried on one or more computer readable media andincluding the steps of: a) generating a password P; b) sending thepassword P to the message recipient over a first, secure channel; c)generating a first random number as a first initialization vector IV1;d) generating H(IV1|P) as an authentication key AK; e) generating anauthentication string AS as E(ACNST1, AK), where ACNST1 is apredetermined constant and E is a predetermined symmetric key encryptionalgorithm;

[0012] f) generating a second random number as a second initializationvector IV2;

[0013] g) sending the vectors IV1 and IV2 to said message recipient overa second channel;

[0014] h) receiving a third random number as a third initializationvector IV3 and an authentication response AR from the recipient; i)generating an authentication response key ARK as H (IV2|IV3|AS); j)generating a decryption D(AR, ARK), where D is a symmetric decryptionalgorithm corresponding to E; and k) authenticating the messagerecipient only if D(AR, ARK)=ACNST2, where ACNST2 is a secondpredetermined constant.

[0015] In accordance with one aspect of the present invention steps athrough f above are carried out by a sender which sends the vector IV1to the message recipient through a server, the server sending the vectorIV1 together with the vector IV2 to the message recipient; and theserver receives the vector IV3 and the response AR from the recipient,and carries out steps i through k to authenticate the recipient.

[0016] In accordance with another aspect of the present invention, theencryption algorithm is expressed in less than 1000 bytes of code andsoftware comprising the algorithm can be quickly downloaded to a user'ssystem.

[0017] In accordance with still another aspect of the present anencrypted message is sent to the recipient by: a) generating a randomnumber as an initialization vector IV4; b) generating a private key PKas H(IV4|P), where P is a password known to a message recipient; c)generating an encryption ENC=E(M|H(M), PK), where E is a predeterminedsymmetric key encryption algorithm; and d) sending (IV4, ENC) to saidmessage recipient.

[0018] In accordance with another aspect of the present inventionauthentication of the message recipient is received prior to sending(IV4, ENC) and the message recipient is authenticated by: a) generatinga password P; b) sending the password P to the message recipient over afirst, secure channel; c) generating a first random number as a firstinitialization vector IV1; d) selecting H(IV1|P) or H(P|IV1) as anauthentication key AK; e) generating an authentication string AS asE(ACNST1, AK), where ACNST1 is a predetermined constant and E is apredetermined symmetric key encryption algorithm;

[0019] f) generating a second random number as a second initializationvector IV2; g) sending the vectors IV1 and IV2 to the message recipientover a second channel; h) receiving a third random number as a thirdinitialization vector IV3 and an authentication response AR from therecipient over the second channel; i) making a predetermined selectionof a authentication response key ARK as H(IV2|IV3|AS) or as a hash ofanother concatenation of IV2, IV3, and AS; j) generating a decryptionD(AR, ARK), where D is a symmetric decryption algorithm corresponding toE; and k) authenticating the message recipient only if D(AR,ARK)=ACNST2, where ACNST2 is a second predetermined constant.

[0020] In accordance with still another aspect of the present inventiona message recipient responds to an authentication challenge by: a)receiving initialization vectors IV1 and IV2; b) generating anauthentication response key as H(IV1|P), where P is a password receivedfrom a sender; c) generating an authentication string AS as E(ACNST1,AK), where ACNST1 is a predetermined constant and E is a predeterminedsymmetric key encryption algorithm; d) generating a third random numberas a third initialization vector IV3; e) generating an authenticationresponse key ARK as H(IV2|IV3|AS);

[0021] f) generating an authentication response AR as E(ACNST2, ARK);and g) sending (IV3, AR) to said sender.

[0022] In accordance with another aspect of the present invention themessage recipient sends the vector IV3 and the response AR to a server;and c) the server receives the vector IV3 and the response AR from therecipient, and authenticates the recipient.

[0023] In accordance with still another aspect of the present inventionthe message recipient receives an encrypted message: a) receiving (IV4,ENC), where ENC=E(M|H(M), PK), M is said message, and E is apredetermined encryption algorithm; b) generating PK as H(IV4|P), whereP is a password received from a sender of said message over a securechannel; c) generating D(ENC, PK)=M|H(M), where D is a symmetric keydecryption algorithm corresponding to E; d) calculating H(M) from saidvalue of M generated in step c; and e) accepting said generated value ofM only if said calculated value of H(M) equals said value of H(M)generated in step c.

[0024] In accordance with another aspect of the present invention, theinitialization vector IV4 and the encryption ENC are received from thesender through a server.

[0025] In accordance with still yet another aspect of the presentinvention a method for secure communication of a message to a messagerecipient includes sending message data encrypted with a symmetric keyalgorithm, a private key for the encryption algorithm being generated byhashing first data, the first data including a password; where the firstdata is hashed with an encryption algorithm defined hash algorithm usingthe encryption algorithm, as described further below.

[0026] In accordance with another aspect of the present invention themessage recipient is authenticated by the exchange of second dataencrypted with the encryption algorithm, an authentication key for theencryption algorithm being generated by hashing third data, the thirddata including a password, where the third data is hashed with anencryption algorithm defined hash algorithm using the encryptionalgorithm.

[0027] Other objects and advantages of the subject invention will beapparent to those skilled in the art from consideration of the attacheddrawings and detailed descriptions set forth below.

BRIEF DESCRIPTION OF THE DRAWINGS

[0028]FIG. 1 shows a schematic block diagram of a network forcommunications in accordance with the present invention.

[0029]FIG. 2 shows a flow diagram of the initial set up of systems ofFIG. 1.

[0030]FIG. 3 shows a flow diagram of the authentication of a messagerecipient in accordance with the present invention.

[0031]FIG. 4 shows a flow diagram of the transmission and receipt of amessage in accordance with the present invention.

[0032]FIG. 5 shows a flow diagram of a hashing algorithm used in thepresent invention.

DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS OF THE SUBJECT INVENTION

[0033]FIG. 1 shows a sender system 10 and a message recipient system 20,which communicate with a server 30 over the Internet 40. Other channelsof communication, such as the Public Switched Telephone Network are alsowithin the contemplation of the present invention. Authenticationsignals as are exchanged between system 10 and system 20 through server30 to provide assurance that system 20 is the intended messagerecipient. Once recipient 20 is authenticated message signals ms aresent from system 10 to system 20 through server 30. In a preferredembodiment of the present invention code signals cs representative ofinstructions for controlling systems 10 and 20 to carry out variousaspects of the present invention are downloaded from server 30 overInternet 40. In other embodiments of the present invention the code canbe communicated by any other convenient computer readable medium such asCD's or floppy disks.

[0034]FIG. 1 also shows a secure, out-of-band channel 50 forcommunication of a password of sender system 10 to recipient system 20.Communication over channel 50 may be in any convenient form, providedthat it provides sufficient assurance that the password is securelytransmitted to recipient system 20. Details of the operation of channel50 form no part of the present invention.

[0035]FIG. 2 shows a flow diagram of the initial set up of systems 10and 20 by server 30. At 60 server 30 generates two constants ACNST1 andACNST2. These constants need not be kept secret and can be published forgeneral use.

[0036] At 62 server 30 sends code for authentication of recipients andencryption of messages to sender system 10, as will be described furtherbelow. At this point, if the constant has not been made otherwiseavailable, server 30 also sends ACNST1 to sender system 10.

[0037] At 64 server 30 sends code for the decryption of messages andresponse to authentication request to recipient system 20, and, if nototherwise available, sends ACNST1 and ACNST2 to recipient system 20 andthen exits.

[0038] At 70 sender system 10 receives the code and the constant ACNST1.At 72 server system 10 generates a secret password P. At 74 sendersystem 10 sends password P to recipient system 20 over secure channel50, and then exits.

[0039] At 80 recipient system 20 receives code for decryption ofmessages and response to authentication requests and constants ACNST1and ACNST2, if not otherwise available. At 82 recipient system 20receives password P from sender system 10 over secure channel 50, andexits.

[0040] It should be noted that code in accordance with the presentinvention is based upon a symmetric key algorithm, resulting in a shortcompact code which can be rapidly downloaded to sender system 10 andrecipient system 20; an advantage not believed to be found in othersystems for providing end-to-security for message transmission over anetwork such as the Internet.

[0041] By “downloading” herein is meant providing signals representativeof code in accordance with the present invention to sender system 10 andrecipient system 20 through any suitable form ofcomputer-readable-medium. Preferably the computer-readable-medium is asequence of digital signals communicated over Internet 40, as shown inFIG. 1, but includes, but is not limited to, other media such as floppydiscs, CD's, memory chips or any other convenient form for transmittingsignals representative of the code.

[0042]FIG. 3 shows a flow diagram of the operation of the sender system10, recipient system 20 and server 30 in authenticating recipient system20. By “authenticating system 20” herein is meant providing server 30with sufficient information to provide a satisfactory degree ofassurance that system 10 is in fact communicating with system 20.

[0043] At 90 system 10 generates a random number as a firstinitialization vector IV1. At 92 sender system 10 generates anauthentication key AK as H(IV 1|P). Then at 94 sender system 10generates an authentication string AS as E(ACNST1, AK). At 96 sendersystem 10 sends (IV1, AS) to server 30, and exits.

[0044] At 100 server 30 receives (IV1, AS) from sender system 10. At 102server 30 generates a second random number as a second initializationvector IV2. At 104 server 30 sends (IV 1, IV 2) to recipient system 20.

[0045] At 108 recipient system 20 receives (IV 1, IV 2) from server 30.At 110 recipient system 20 generates H(IV 1|P)=AK. At 112 recipientsystem 20 generates

[0046] E(ACNST1, AK)=AS. At 116 recipient system 20 generates a thirdrandom number as third initialization vector IV 3. At 118 system 20generates authentication response key ARK=H(IV 2|IV 3|AS). At 120 thesystem generates authentication response AR=E(ACNST2, ARK). At 124recipient system 20 sends (IV 3, AR) to server 20 and exits.

[0047] At 128 server 30 receives (IV 3, AR) from recipient system 20. At130 server 30 generates ARK=H(IV 2|IV 3|AS), and at 132 generates D(AR,ARK). Then at 136 server 30 determines if D(AR, ARK)=ACNST2?. If theanswer at 136 is no, recipient system 20 is not authenticated and server30 exits to an error routine at 138. Details of such error routine formno part of the present invention and will not be discussed further here.If the answer at 136 is yes, then at 140 server 30 authenticatesrecipient system 20 and at 144 stores the recipient authentication, andexits.

[0048]FIG. 4 shows a flow diagram of the operation of sender system 10,recipient system 20, and server 30 in the encryption, transmission anddecryption of message M.

[0049] At 152 system 10 generates a 4th random number as a 4thinitialization vector IV 4. At 154 system 10 generates private keyPK=H(IV 4|P). At 156 system 10 generates a hash of message M=H(M). At160 sender system 10 generates encryption ENC=E(M|H(M), PK). At 162system 10 sends (IV 4, ENC) to server 30, and exits.

[0050] At 170 server 30 receives (IV 4, ENC) and, at 171, determines ifthe message recipient has been authenticated. If so, at 172, server 30sends (IV 4, ENC) to recipient system 20, and exits. Otherwise, at 173server 30 goes to an error routine whose details form no part of thepresent invention.

[0051] At 180 recipient system 20 receives (IV 4, ENC). At 182 system 20generates H(IV 4|P)=PK. At 184 system 20 generates D(ENC, PK)=(M|H(M)).

[0052] At 186 System 20 calculates a value for a message hash from thevalue of message M received at 184, and at 190 determines if thecalculated message hash equals the value received at 184. If the answerat 190 is no, system 20 exits to an error routine at 192. Details of theerror routine at 192 form no part of the present invention and will notbe discussed further here. If the answer at 190 is yes, the message isconsidered to be authentic and system 20 exits.

[0053] It should be noted that server 30 is never in possession ofpassword P and so cannot access message M, create a false message M, orgenerate a false authentication for recipient system 20.

[0054] It should also be noted that since ACNST1 and ACNST2 are notsecret, the functions of server 30 could be carried out by sender system10. The embodiment described above is, however, preferred since, ingeneral, communication through a trusted server is preferred in order toavoid the need to disclose an Internet address or the like to arecipient.

[0055]FIG. 5 shows a flow diagram of encryption algorithm H used above.

[0056] At 200 registers d and j are set equal to zero.

[0057] AT 202 message M is “chunked” to form a sequence of keys: k(o),k(1) . . . k(t). Message M is padded to the nearest integral value of n,where n is the length of the keys. (By “chunked” herein is meantdividing message M, padded as necessary, into t successive n bitsegments.) Then at 204 key k(t+1)=the bit length of M, padded asnecessary, is formed. Then at 206 d is set equal to E(d, k)j)). At 210the determination is made if j is equal to t+1. If not then at 212 j isset equal to j+1 and the algorithm returns to 206. If, at 210 j is equalto t+1 then the algorithm is complete.

[0058] Those skilled in the art will recognize that the algorithmdescribed in FIG. 5 is defined in terms of a generic encryptionalgorithm using Merkle's meta-method for hashing. The algorithm of FIG.5 will sometimes hereinafter be referred to as an “encryption algorithmdefined hash”. In accordance with an embodiment of the presentinvention, the encryption algorithm used is the same algorithm used forauthentication and encryption of message M, as described above. Thisnovel use of a single, symmetric key algorithm in a cipher suite isadvantageous in providing the simplicity and small size which areobjects of the present invention.

[0059] Preferably encryption algorithm E is the commercially availableRC4 algorithm, which is advantageous in that it is of only a few hundredbytes in size. It is believed that the RC4 algorithm will provideadequate security in the present invention for communications ofmoderate value, though other algorithms may be necessary forcommunications of higher value.

[0060] Those skilled in the art will also recognize that the functionsof sender system 10 and recipient system 20 may be interchanged in orderto provide for bi-directional communications. However, description ofthe present invention, as set forth above, is presented in terms ofuni-directional communications for reasons of simplicity, and issufficient for those skilled in the art to fully understand the presentinvention.

[0061] The embodiments described above and illustrated in the attacheddrawings have been given by way of example and illustration only. Fromthe teaching of the present application those skilled in the art willreadily recognize other numerous embodiments in accordance with thesubject invention. Accordingly, limitations on the present invention areto be found only in the claims set forth below.

What is claimed is:
 1. A method for authenticating a message recipient,said method comprising the steps of: a) generating a password P; b)sending said password P to said message recipient over a first, securechannel; c) generating a first random number as a first initializationvector IV1; d) generating H(IV1|P) as an authentication key AK; e)generating an authentication string AS as E(ACNST1, AK), where ACNST1 isa predetermined constant and E is a predetermined symmetric keyencryption algorithm; f) generating a second random number as a secondinitialization vector IV2; g) sending said vectors IV1 and IV2 to saidmessage recipient over a second channel; h) receiving a third randomnumber as a third initialization vector IV3 and an authenticationresponse AR from said recipient; i) generating an authenticationresponse key ARK as H(IV2|IV3|AS); j) generating a decryption D(AR,ARK), where D is a symmetric decryption algorithm corresponding to E;and k) authenticating said message recipient only if D(AR, ARK)=ACNST2,where ACNST2 is a second predetermined constant.
 2. A method asdescribed in claim 1 where: a) steps a through f are carried out by asender; b) said sender sends said vector IV1 to said message recipientthrough a server, said server sending said vector IV1 together with saidvector IV2 to said message recipient; and c) said server receives saidvector IV3 and said response AR from said recipient, and carries outsteps i through k to authenticate said recipient.
 3. A method asdescribed in claim 1 where H is an encryption algorithm defined hashalgorithm using said encryption algorithm E.
 4. A method as described inclaim 3 where said encryption algorithm is expressed in less than 1000bytes of code; whereby software comprising said algorithm can be quicklydownloaded to a user's system.
 5. A method as described in claim 4 wheresaid encryption algorithm is an RC4 algorithm.
 6. A method for sendingan encrypted message, said method comprising the steps of: a) generatinga random number as an initialization vector IV4; b) generating a privatekey PK as H(IV4|P), where P is a password known to a message recipient;c) generating an encryption ENC=E(M|H(M), PK), where E is apredetermined symmetric key encryption algorithm; and d) sending (IV4,ENC) to said message recipient.
 7. A method as described in claim 6comprising the further step of receiving authentication of said messagerecipient prior to sending (IV4, ENC).
 8. A method as described in claim7 where said message recipient is authenticated by the steps of: a)generating a password P; b) sending said password P to said messagerecipient over a first, secure channel; c) generating a first randomnumber as a first initialization vector IV1; d) generating H(IV1|P) asan authentication key AK; e) generating an authentication string AS asE(ACNST1, AK), where ACNST1 is a predetermined constant and E is apredetermined symmetric key encryption algorithm; f) generating a secondrandom number as a second initialization vector IV2; g) sending saidvectors IV1 and IV2 to said message recipient over a second channel; h)receiving a third random number as a third initialization vector IV3 andan authentication response AR from said recipient over said secondchannel; i) generating an authentication response key ARK asH(IV2|IV3|AS); j) generating a decryption D(AR, ARK), where D is asymmetric decryption algorithm corresponding to E; and k) authenticatingsaid message recipient only if D(AR, ARK)=ACNST2, where ACNST2 is asecond predetermined constant.
 9. A method as described in claim 8where: a) steps a through f are carried out by a sender; b) said sendersends said vectors IV1 and IV2 to said message recipient through aserver; and c) said server receives said vector IV3 and said response ARfrom said recipient, and carries out steps i through k to authenticatesaid recipient.
 10. A method as described in claim 6 where H is anencryption algorithm defined hash algorithm using said encryptionalgorithm E.
 11. A method as described in claim 10 where said encryptionalgorithm is expressed in less than 1000 bytes of code; whereby softwarecomprising said algorithm can be quickly downloaded to a user's system.12. A method as described in claim 11 where said encryption algorithm isan RC4 algorithm.
 13. A method for responding to an authenticationchallenge, said method comprising the steps of: a) receivinginitialization vectors IV1 and IV2; b) generating an authenticationresponse key as H(IV1|P), where P is a password received from a sender;c) generating an authentication string AS as E(ACNST1, AK), where ACNST1is a predetermined constant and E is a predetermined symmetric keyencryption algorithm; d) generating a third random number as a thirdinitialization vector IV3; e) generating an authentication response keyARK as H(IV2|IV3|AS); f generating an authentication response AR asE(ACNST2, ARK); and g) sending (IV3, AR) to said sender.
 14. A method asdescribed in claim 13 where: a) steps a through f are carried out by amessage recipient; b) said message recipient sends said vector IV3 andsaid response AR to a server; and c) said server receives said vectorIV3 and said response AR from said recipient, and authenticates saidrecipient.
 15. A method as described in claim 13 where H is anencryption algorithm defined hash algorithm using said encryptionalgorithm E.
 16. A method as described in claim 15 where said encryptionalgorithm is expressed in less than 1000 bytes of code; whereby softwarecomprising said algorithm can be quickly downloaded to a user's system.17. A method as described in claim 16 where said encryption algorithm isan RC4 algorithm.
 18. A method for receiving an encrypted message, saidmethod comprising the steps of: a) receiving (IV4, ENC), whereENC=E(M|H(M), PK), M is said message, and E is a predeterminedencryption algorithm; b) generating PK as H(IV4|P), where P is apassword received from a sender of said message over a secure channel;c) generating D(ENC, PK)=(M|H(M)), where D is a symmetric key decryptionalgorithm corresponding to E; d) calculating H(M) from said value of Mgenerated in step c; and e) accepting said generated value of M only ifsaid calculated value of H(M) equals said value of H(M) generated instep c.
 19. A method as described in claim 18 where H is an encryptionalgorithm defined hash algorithm using said encryption algorithm E. 20.A method as described in claim 19 where said encryption algorithm isexpressed in less than 1000 bytes of code; whereby software comprisingsaid algorithm can be quickly downloaded to a user's system.
 21. Amethod as described in claim 16 where said encryption algorithm is anRC4 algorithm.
 22. A method as described in claim 18 where saidinitialization vector IV4 and said encryption ENC are received from saidsender through a server.
 23. A method for secure communication of amessage to a message recipient, said method comprising the steps of: a)sending message data encrypted with a symmetric key algorithm, a privatekey for said encryption algorithm being generated by hashing first data,said first data including a password; where b) said first data is hashedwith an encryption algorithm defined hash algorithm using saidencryption algorithm.
 24. A method as described in claim 23 furthercomprising the steps of: a) authenticating a message recipient by theexchange of second data encrypted with said encryption algorithm, anauthentication key for said encryption algorithm being generated byhashing third data, said third data including a password; where b) saidthird data is hashed with an encryption algorithm defined hash algorithmusing said encryption algorithm.
 25. A method as described in claim 24where said encryption algorithm is expressed in less than 1000 bytes ofcode; whereby software comprising said algorithm can be quicklydownloaded to a user's system.
 26. A method as described in claim 24where said encryption algorithm is an RC4 algorithm.
 27. A sender dataprocessing system for use in a system for authenticating a messagerecipient, said sender data processing system being programmed to: a)generate a password P; b) send said password P to said message recipientover a first, secure channel; c) generate a first random number as afirst initialization vector IV1; d) generating H(IV1|P) as anauthentication key AK; e) generate an authentication string AS asE(ACNST1, AK), where ACNST1 is a predetermined constant and E is apredetermined symmetric key encryption algorithm; and f) send saidvector IV1 to said message recipient over a second channel; where g) His an encryption algorithm defined hash algorithm using said encryptionalgorithm E.
 28. A server data processing system for use in a system forauthenticating a message recipient, said server data processing systembeing programmed to: a) receive an authentication string AS and a firstinitialization vector IV1 from a sender; b) generate a second randomnumber as a second initialization vector IV2; c) send said vectors IV1and IV2 to a message recipient; d) receive a third random number as athird initialization vector IV3 and an authentication response AR fromsaid recipient over said second channel; e) make a predeterminedselection of an authentication response key ARK as H(IV2|IV3|AS); f)generate a decryption D(AR, ARK), where D is a symmetric decryptionalgorithm corresponding to E; and g) authenticating said messagerecipient only if D(AR, ARK)=ACNST2, where ACNST2 is a secondpredetermined constant; where h) H is an encryption algorithm definedhash algorithm using said encryption algorithm E.
 29. A messagerecipient data processing system for use in a system for authenticatinga message recipient, said message recipient data processing system beingprogrammed to: a) receive initialization vectors IV1 and IV2; b)generating an authentication key AK as H(IV1|P), where P is a passwordreceived from a sender; c) generating an authentication string AS asE(ACNST1, AK), where ACNST1 is a predetermined constant and E is apredetermined symmetric key encryption algorithm; d) generate a thirdrandom number as a third initialization vector IV3; e) generating anauthentication response key ARK as H(IV2|IV3|AS); f) generate anauthentication response AR as E(ACNST2, ARK); and g) send (IV3, AR) tosaid sender; where h) H is an encryption algorithm defined hashalgorithm using said encryption algorithm E.
 30. A sender dataprocessing system for use in a system for secure communication of amessage to a message recipient, said sender data processing system beingprogrammed to: a) generate a random number as an initialization vectorIV4; b) generate a private key PK as H(IV4|P), where P is a passwordknown to a message recipient; c) generate an encryption ENC=E(M|H(M),PK), where E is a predetermined symmetric key encryption algorithm; andd) send (IV4, ENC) to said message recipient; where e) H is anencryption algorithm defined hash algorithm using said encryptionalgorithm E.
 31. A message recipient data processing system for use in asystem for secure communication of a message to a message recipient,said message recipient data processing system being programmed to: a)receive (IV4, ENC), where ENC=E(M|H(M), PK), M is said message, and E isa predetermined encryption algorithm; b) generating PK as H(IV4|P),where P is a password received from a sender of said message over asecure channel; c) generate D(ENC, PK)=(M|H(M)), where D is a symmetrickey decryption algorithm corresponding to E; d) calculate H(M) from saidvalue of M generated in step c; and e) accept said generated value of Monly if said calculated value of H(M) equals said value of H(M)generated in step c; where f) H is an encryption algorithm defined hashalgorithm using said encryption algorithm E.
 32. A computer-readablemedium carrying one or more sequences of one or more instructions forcontrolling a sender data processing system to: a) generate a passwordP; b) send said password P to said message recipient over a first,secure channel; c) generate a first random number as a firstinitialization vector IV1; d) generating H(IV1|P) as an authenticationkey AK; e) generate an authentication string AS as E(ACNST1, AK), whereACNST1 is a predetermined constant and E is a predetermined symmetrickey encryption algorithm; and f) send said vector IV1 to said messagerecipient over a second channel; where g) H is an encryption algorithmdefined hash algorithm using said encryption algorithm E.
 33. Acomputer-readable medium carrying one or more sequences of one or moreinstructions for controlling a server data processing system to: a)receive an authentication string AS and a first initialization vectorIV1 from a sender; b) generate a second random number as a secondinitialization vector IV2; c) send said vectors IV1 and IV2 to a messagerecipient; d) receive a third random number as a third initializationvector IV3 and an authentication response AR from said recipient oversaid second channel; e) make a predetermined selection of anauthentication response key ARK as H(IV2|IV3|AS); f) generate adecryption D(AR, ARK), where D is a symmetric decryption algorithmcorresponding to E; and g) authenticating said message recipient only ifD(AR, ARK)=ACNST2, where ACNST2 is a second predetermined constant;where h) H is an encryption algorithm defined hash algorithm using saidencryption algorithm E.
 34. A computer-readable medium carrying one ormore sequences of one or more instructions for controlling a messagerecipient data processing system to: a) receive initialization vectorsIV1 and IV2; b) generate an authentication key AR as H(IV|P), where P isa password received from a sender; c) generate an authentication stringAS as E(ACNST1, AK), where ACNST1 is a predetermined constant and E is apredetermined symmetric key encryption algorithm; d) generate a thirdrandom number as a third initialization vector IV3; e) make apredetermined selection of an authentication response key ARK asH(IV2|IV3|AS); f) generate an authentication response AR as E(ACNST2,ARK); and g) send (IV3, AR) to said sender; where h) H is an encryptionalgorithm defined hash algorithm using said encryption algorithm E. 35.A computer-readable medium carrying one or more sequences of one or moreinstructions for controlling a sender data processing system to: a)generate a random number as an initialization vector IV4; b) generate aprivate key PK as H(IV4|P), where P is a password known to a messagerecipient; c) generate an encryption ENC=E(M|H(M), PK), where E is apredetermined symmetric key encryption algorithm; and d) send (IV4, ENC)to said message recipient; where e) H is an encryption algorithm definedhash algorithm using said encryption algorithm E.
 36. Acomputer-readable medium carrying one or more sequences of one or moreinstructions for controlling a message recipient data processing systemto: a) receive initialization vectors IV1 and IV2; b) generate anauthentication key AR as H(IV1|P), where P is a password received from asender; c) generate an authentication string AS as E(ACNST1, AK), whereACNST1 is a predetermined constant and E is a predetermined symmetrickey encryption algorithm; d) generate a third random number as a thirdinitialization vector IV3; e) make a predetermined selection of anauthentication response key ARK as H(IV2|IV3|AS); f) generate anauthentication response AR as E(ACNST2, ARK); and g) send (IV3, AR) tosaid sender; where h) H is an encryption algorithm defined hashalgorithm using said encryption algorithm E.